US20080263645A1 - Privacy identifier remediation - Google Patents
- Publication number
- US20080263645A1 (application US11/739,031)
- Authority
- US
- United States
- Prior art keywords
- token
- identifier
- server
- privacy
- credit card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/24—Credit schemes, i.e. "pay after"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3672—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes initialising or reloading thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/403—Solvency checks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- a method and apparatus is provided for privacy identifier remediation using a secure server installation.
- the secure server installation abstracts privacy identifiers from its server, network, application and database environments, thus reducing investment in securing, segregating and/or isolating these environments in their entirety.
- the secure server installation intercepts transactions using privacy identifiers that are sent from front end applications to back end applications, and forwards tokens in replacement of privacy identifiers for processing by the back end applications.
- the secure server component also acts as a mediation gateway to connect to external agencies or processing systems.
- the privacy identifiers comprise credit card numbers.
- FIG. 1 is a schematic showing the processing components of an embodiment of a secure server installation and its environment
- FIG. 2 is a flow diagram illustrating method steps of a privacy identifier remediation process
- FIG. 3 is a flow diagram illustrating further method steps of a privacy identifier remediation process
- FIG. 4 shows details of the process of FIG. 2 applied to the specific example of credit cards.
- FIG. 5 shows details of the process of FIG. 3 applied to the specific example of credit cards.
- secure server installation 10 is physically isolated in a secure location and logically connected via firewall 12 and router 14 to a variety of front end servers 16 , back end systems 18 , systems 20 and external processing systems.
- the front end servers 16 comprise any server or device that captures one or more privacy identifiers such as credit card data, social insurance numbers, bank account numbers, driver's license numbers, contract numbers and phone numbers from a person such as a customer or consumer.
- the back end systems 18 comprise for example application and database servers that process privacy transactions, that is, a transaction that involves a privacy identifier.
- the systems 20 comprise privacy data validation servers, and may include for example end systems and users that need to connect to the secure server installation 10 for purposes of maintenance & operations, monitoring, logging of privacy data for purposes of audits, financial reporting and investigations.
- the connection links between the elements shown in FIG. 1 represent logical connections formed upon request over any communications link including optical fiber, wireless and wired connections, and may include intervening networks of any suitable kind such as portions of the internet. SSL or equivalent or better communications security should be used to secure communications, and for that purpose the secure server installation 10 may be connected via a firewall 12 to the router 14 by an SSL device 15 such as an SSL accelerator, as for example an SSL accelerator from F5 Networks.
- the secure server installation 10 comprises in the embodiment shown a first server 22 , referred to here for convenience as the Avalon server 22 (token management server), a second server 24 , referred to here for convenience as the HSM server (hardware security module) and a third server 26 , which acts as a database server.
- the servers 22 , 24 and 26 are connected together in this embodiment via multiple IP/Ethernet inter-connects in a bind configuration (for example an Ether-Channel) into a switch 28 such as a Cisco L2 or L3 switch.
- Database server 26 in this embodiment connects to a storage system, for example a disk array 27 , via a suitable switch 29 , such as a Brocade FC switch. Other arrangements may be used for storage, such as flash memory, tape or optical disk.
- the system of FIG. 1 operates as follows according to the steps of FIG. 2 and 3 .
- the process steps may be applied to any privacy identifier for example a credit card transaction, as for example when a customer seeks to purchase services using a credit card.
- a front end server 16 captures a privacy identifier (PI) (as for example credit card data that may include a credit card identifier (CCI)) and, in step 32 , forwards the privacy identifier to the secure server installation 10 .
- the privacy identifier is encrypted in step 34 .
- a token uniquely associated with the privacy identifier is generated by an irreversible function in step 36 .
- the token and encrypted privacy identifier and key hash of the privacy identifier are stored in a manner that they are associated with each other in step 38 .
- the token is then forwarded to a back end server 18 in step 40 for further processing according to the nature of the transaction in step 42 , where the token is processed as a proxy for the privacy identifier.
- the transaction may in some embodiments proceed as follows for the purpose of validating the privacy transaction, as for example a credit card validation where credit card data, and in some embodiments other privacy data, is validated.
- the back end servers 18 request privacy identifier validation by generating a validation request message, and sending the validation request message to an information validation server 20 such as a credit card validation server.
- the validation request message contains the token and not the privacy identifier.
- the token is removed from the validation request message and replaced by the privacy identifier in step 46 .
- the validation request message is forwarded to an end system 20 , such as an information validation server.
- a confirmation message is returned to the back end user 18 that requested validation.
- the privacy identifier (PI) is not included in the confirmation message to 18 . If there is a privacy identifier (PI), it is removed by secure server installation 10 .
- the Avalon server 22 is configured to generate unique and meaningless tokens, to request a search and match of tokens for association of correct credit card identifiers and an authentication code for the credit card identifiers via database server 26 , to extract credit card identifiers and insert tokens for internal backend system processing and to extract tokens and insert credit card identifiers for external communications processing for payment validation.
- a token is substituted for a privacy identifier for all back end transactions.
- the token is unique to the privacy identifier and meaningless in relation to the privacy identifier. That is, the privacy identifier cannot be determined from the token.
- One manner of generating a meaningless token is to select a string of characters by an irreversible function, for example by issuing tokens in sequential order as credit card identifiers are processed by the Avalon server 22 .
- the token may thus be obtained by looking up an ordered sequence of tokens, and selecting an unused token from the ordered sequence.
- a suitably long token should be adopted to cover variable length privacy identifiers.
- the characters may include any suitable characters, such as numerals and letters but may include other characters.
- all tokens have a one-to-one relationship with privacy identifiers such as credit card numbers and other privacy identifiers.
- the transactions may always use the same token that was issued the first time the customer completes a transaction using the secure server installation 10 .
- With a suitably long token, for example in one embodiment a numerical entity 21 digits long, there will never be more tokens issued to any particular individual than the total possible number of unique credit card identifiers and other privacy identifiers that an individual possesses and uses in the system. For example, as an extreme scenario, if an individual uses 40 different credit card identifiers and provides 40 pieces of different ID for various financial transactions, this individual would require a total of 80 unique tokens from the secure server installation 10 . If we consider a total adult population of 500,000,000 (500 million) for this scenario, the total number of tokens that the secure server installation would need to issue is 40,000,000,000 (40 billion) tokens (80 × 500 million). Thus, a token of length 21 digits will not be exhausted in practice. However, longer tokens could be used.
- Tokens in one embodiment are issued in a sequential format for every request the system receives. Each request received, however, is completely random, with no discernible pattern or ability to anticipate the type of value associated with the token.
- Token requests may come in from a variety of front end servers 16 and the generated token delivered to any of a large number of back end servers 18 .
- the token requests may be processed in batches amongst other individual requests coming into the back end servers 18 .
- Token requests may be associated with different types of identifiers (credit card versus other privacy identifiers), different credit card suppliers, different privacy identifiers (such as driver's license, bank account, PIN, student card, government employee number, etc.) and may be issued at any time of the day. Accordingly, due to the randomness, types of requests and data to be tokenized being sent to the secure server installation 10 , it is quite impossible to define or construct a usable pattern of token issuing.
- Requests for tokens are restricted to specific applications whose authorization and authentication is tracked each time those applications need to communicate with the secure server installation 10 .
- the activity to request a token, encryption/decryption or hashing service may be monitored, tracked and written to a log file.
- Tracking software may also be applied to the back end servers 18 which need to connect to the secure server installation 10 .
- the same security measures apply to those teams which need to access secure server installation 10 such as audit teams, reverse payment teams, system administrators and security officers.
- Each role of the audit teams, reverse payment teams, system administrators and security officers is granted specific levels of security without overlap with the other roles, further reducing risk.
- Tokens are stored in the clear within the backend systems 18 . If the token is sufficiently long, such as for example longer than any credit card or other privacy identifier, the token has no meaning that can be deduced from its length. In addition, even if the token was truncated, the specific format of the digits' numbering scheme would not meet the validation process of a credit card identifier. By generating the token from an irreversible function such as a sequential number generator, the token is completely independent of the credit card or privacy identifier randomly submitted by a particular person or business for the secure server installation 10 to process.
- the secure server installation 10 is the last step in the communication stream between the back end servers 18 and external privacy identifier processing servers.
- In FIG. 4, further details of operation of a secure server installation are described in an exemplary embodiment applied to credit card transactions.
- the same process of token insertion and credit card identifier (CCI) encryption process may be applied to other privacy identifiers as for example bank account identifiers.
- Step 60 Front End Server 16 → Avalon Server 22 (Token Request)
- a process of credit card remediation begins with generation of a token request by a front end server 16 during a credit card processing request.
- the front end server 16 may be a web tier application that requires use of a credit card payment to complete a transaction.
- the front end server 16 will need to communicate with a back end server 18 for the purpose of completing the transaction.
- the normal transaction process using a credit card is commenced, but the front end server 16 pauses the transaction process for the time required to send the credit card identifier to the secure server installation 10 for a token request/receipt. The communication stream between the front end server 16 and secure server installation 10 is secured via SSL.
- Step 62 Avalon Server 22 → HSM Server 24 (Encryption Request)
- the Avalon server 22 at the secure server installation 10 receives the credit card identifier and sends it to the HSM Server 24 for encryption and generation of the keyed hash of the credit card identifier, for example by a keyed hash process.
- Step 64 HSM (Encryption)
- the HSM server 24 encrypts the credit card identifier (using a strong encryption KEY #1, as for example using a 1024 bit key) and builds an authentication code corresponding to the credit card identifier for look up purposes.
- the cryptography key for decryption is kept at the HSM server 24 .
- An example of an authentication code is a keyed hash based on the credit card identifier plus a 256 bit KEY (using KEY #2).
- the strength of encryption KEY #1 and KEY #2 should be sufficiently strong to meet security standards applicable to the transaction process.
- An example authentication code is a keyed-hash message authentication code, or HMAC, calculated using a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any suitably strong iterative cryptographic hash function, such as MD5, SHA-1 or better, may be used in the calculation of an HMAC for this purpose.
- the cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.
- Step 66 HSM Server 24 → Avalon Server 22 (Return CCI)
- the HSM server 24 returns the encrypted Credit card identifier and authentication code to the Avalon server 22 .
- Step 68 Avalon Server 22 → Database Server 26 (Existing Token?)
- the Avalon Server 22 sends the authentication code and, in some embodiments, an entity type to the database server 26 to search for an existing token.
- An entity type may be an additional security code based on a feature of the transaction being paused, as for example based on the credit card issuer (such as VISA™). Look up in the database server 26 is done via the authentication code and the entity type to lower or avoid the possibility of collisions (or token mismatch).
- Step 70 Database Server 26 → Avalon Server 22 (Existing token returned). If a match on authentication code and entity type is found, the database server 26 returns the token matched.
- Step 72 Database Server 26 → Avalon Server 22 (No existing token). If no match is found, the database server 26 returns a “null” response indicating to the Avalon server 22 that a new token must be created.
- Step 74 Avalon server 22 (Create token). If no existing token is returned from the database server 26 , the Avalon server 22 generates a new token as for example a unique sequential and meaningless number. The Avalon server 22 associates the token with an encrypted credit card identifier, the authentication code, and entity type, and also any other suitable identification information, such as a table name or key label, used by the database.
- Step 76 Avalon server 22 → Database Server 26 (Store Token).
- the Avalon server 22 sends the token, encrypted credit card identifier, authentication code, entity type and other suitable identification information to the database server 26 for processing and storage.
- the database server 26 returns an acknowledge message when this process is complete.
- Step 78 Avalon server 22 → Back End Server 18 (Forward Token). Once an acknowledge response from the database server 26 has been received, the Avalon server 22 sends the token to the back end server 18 , where the token is used by the back end server 18 to carry out the transaction requested by the front end server 16 that requested the transaction and originally forwarded the credit card identifier that has now been substituted by the token.
- steps 80 - 96 detail the payment confirmation process.
- Step 80 Back End Server 18 → Secure server installation 10 (Verification Request). If credit card verification is required, the following steps may be taken. Once the back end server 18 has completed its processing, the back end server 18 sends its financial transaction data stream (which includes the unique token) to the secure server installation 10 for credit card identifier lookup and re-insertion. The communication stream between the two entities is secured via SSL.
- Step 82 Avalon server 22 (Token/CCI Exchange Request)
- the Avalon server 22 receives the data stream from the back end server 18 and pauses the transaction process for the time required to extract unique token, look up credit card identifier in the database 27 and re-insert credit card identifier in the data stream.
- Step 84 Avalon server 22 → Database Server 26 (Find encrypted CCI).
- Avalon server 22 sends the token to the database server 26 for encrypted credit card identifier look up.
- Step 86 Database Server 26 → Avalon server 22 (Return encrypted CCI)
- the database server 26 receives unique token, searches for matching token and associated encrypted credit card identifier.
- the database server 26 sends the encrypted credit card identifier to the Avalon server 22 .
- Step 88 Avalon server 22 → HSM Server 24 (Request CCI).
- the Avalon server 22 receives the encrypted credit card identifier with the cryptography key label and sends it to the HSM server 24 for decryption.
- Step 90 HSM Server 24 → Avalon server 22 (Decryption and CCI Insertion)
- the HSM server 24 receives encrypted credit card identifier, decrypts and sends the decrypted CCI to the Avalon server 22 .
- the Avalon server 22 receives decrypted credit card identifier and inserts into transaction stream in place of token.
- Step 92 Avalon server 22 → Private Information Validation Company 20 (Payment Completion Request, for example).
- the transaction stream from the back end server 18 with decrypted or real credit card identifier is sent to the Credit Card Validation Company 20 for payment process completion.
- Step 94 Private Information Validation Company 20 → Avalon server 22 (Payment Completion).
- the Private Information Validation Company 20 returns payment confirmation details to Avalon server 22 . If the Private Information Validation Company 20 returns the private information identifier as part of its confirmation data to Avalon server 22 , the private information identifier is stripped out prior to re-directing the completed transaction stream back to the back end server 18 .
- Step 96 Server 18 → Front End Server 16 (Complete Transaction).
- the completed transaction with associated confirmation data is sent to the originating front end server 16 .
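The two round trips just described (steps 60–78, tokenize and store; steps 80–96, look up, re-insert and strip the identifier from the confirmation), and the generic steps 30–50 that they specialise, collapse into a short token-vault sketch. The code below is an added example and is not the patent's or any vendor's implementation. `HsmStub`, `TokenVault`, `looks_like_pan`, the client application ids and the card number `4111111111111111` are all constructed for illustration; the stub's cipher is an HMAC-SHA256 keystream standing in for whatever strong cipher HSM server 24 would use, and SHA-256 is chosen as the "or better" hash for the authentication code.

```python
"""Token vault sketch of the Avalon / HSM / database roles, one process.

Constructed example: the names, keys and the test card number below are
placeholders, not values from the patent or any real deployment.
"""
import hashlib
import hmac
import itertools
import secrets


class HsmStub:
    """Stand-in for HSM server 24. KEY #1 encrypts the identifier; KEY #2 keys
    the HMAC that serves as the lookup 'authentication code' (step 64)."""

    def __init__(self):
        self.key1 = secrets.token_bytes(32)  # constructed 256-bit KEY #1
        self.key2 = secrets.token_bytes(32)  # constructed 256-bit KEY #2

    def _keystream(self, nonce, n):
        # HMAC-SHA256 in counter mode; a placeholder cipher, not production code.
        out = b""
        for ctr in itertools.count():
            out += hmac.new(self.key1, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            if len(out) >= n:
                return out[:n]

    def encrypt(self, pi):
        nonce = secrets.token_bytes(16)
        data = pi.encode()
        return nonce + bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))

    def decrypt(self, blob):
        nonce, body = blob[:16], blob[16:]
        return bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body)))).decode()

    def auth_code(self, pi):
        # Keyed hash of the identifier; deterministic, so it can index the vault.
        return hmac.new(self.key2, pi.encode(), hashlib.sha256).hexdigest()


def luhn_ok(digits):
    """Standard Luhn check, used only to show tokens are not card-shaped."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def looks_like_pan(value):
    """True if a string has card-number shape: 13-19 digits passing Luhn."""
    return value.isdigit() and 13 <= len(value) <= 19 and luhn_ok(value)


class TokenVault:
    """Avalon server 22 plus database server 26: sequential, meaningless
    21-digit tokens mapped to encrypted identifiers, per-application access."""

    TOKEN_DIGITS = 21

    def __init__(self, hsm, clients):
        self.hsm = hsm
        self.clients = clients         # application id -> set of permitted operations
        self._seq = itertools.count(1)
        self._by_auth = {}             # (auth_code, entity_type) -> token
        self._by_token = {}            # token -> encrypted identifier
        self.audit = []                # log entries never carry a raw identifier

    def _authorize(self, client, op):
        if op not in self.clients.get(client, set()):
            self.audit.append((client, op, "denied"))
            raise PermissionError(f"{client} may not {op}")
        self.audit.append((client, op, "ok"))

    def tokenize(self, client, pi, entity_type):
        self._authorize(client, "tokenize")
        key = (self.hsm.auth_code(pi), entity_type)         # steps 62-68
        if key in self._by_auth:                             # step 70: reuse token
            return self._by_auth[key]
        token = f"{next(self._seq):0{self.TOKEN_DIGITS}d}"   # step 74: next sequence number
        self._by_auth[key] = token                           # step 76: store association
        self._by_token[token] = self.hsm.encrypt(pi)
        return token

    def detokenize(self, client, token):
        self._authorize(client, "detokenize")
        return self.hsm.decrypt(self._by_token[token])       # steps 84-90

    def scrub(self, payload):
        """Step 94: any value that is a known identifier is replaced by its token."""
        out = {}
        for k, v in payload.items():
            ac = self.hsm.auth_code(v) if isinstance(v, str) else None
            tok = next((t for (a, _), t in self._by_auth.items() if a == ac), None)
            out[k] = tok or v
        return out


def demo():
    hsm = HsmStub()
    vault = TokenVault(hsm, {"front-end-16": {"tokenize"}, "back-end-18": {"detokenize"}})
    pan = "4111111111111111"  # constructed test number, not a real account
    t1 = vault.tokenize("front-end-16", pan, "visa")
    t2 = vault.tokenize("front-end-16", pan, "visa")    # same card, same token
    t3 = vault.tokenize("front-end-16", pan, "debit")   # other entity type, new token
    restored = vault.detokenize("back-end-18", t1)
    confirmation = vault.scrub({"status": "approved", "card": pan, "ref": "ABC123"})
    return {"token": t1, "same": t1 == t2, "distinct_entity": t3 != t1,
            "restored": restored, "confirmation": confirmation,
            "pan_shaped": looks_like_pan(t1)}


if __name__ == "__main__":
    print(demo())
```

The `clients` map is the page's "requests for tokens are restricted to specific applications" in its smallest form: the front-end tier can only tokenize and the back-end tier can only detokenize, and every decision lands in `audit` without the identifier itself. `looks_like_pan` gives a defender a concrete check for the claim that a 21-digit sequential token cannot be mistaken for a card number; the length alone puts it outside the 13–19 digit PAN range, which is the property to preserve if the token format is ever changed.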
- a user could be a connected user to server 16 (a web browser for example).
- the Avalon server 22 is configured for example using suitable software to generate unique & meaningless sequential numbers for variable field length credit card identifiers and privacy identifier fields.
- the tokens should thus have a sufficient number of digits to cover various length identifiers. While one type of encryption KEY may be used for the credit card identifier, other encryption keys may be used for other fields, such as privacy identifier fields, that require encryption.
- the Avalon server 22 may in some embodiments track, monitor, log and audit all activity relating to credit card processing done by the secure server installation 10 . If separate servers 22 , 24 and 26 are used, they should be clustered for reliability.
- the HSM server 24 should be permitted to communicate only with the Avalon server 22 by suitable identification measures. In some embodiments, for strictest security, no device other than the Avalon server 22 should be able to issue requests to the HSM server 24 . Some systems 20 may be permitted access to the Avalon server 22 for purposes of maintenance, operations, audits and investigations.
- the HSM Server 26 provides encryption, decryption, authentication code, keyed hash generation and key management for the secure server installation 10 .
Abstract
A secure server installation is provided that abstracts credit card identifiers from its server, network, application and database environments, thus reducing investment in securing, segregating and/or isolating these environments in their entirety. The secure server installation intercepts credit card transactions sent from front end applications to back end applications, and forwards tokens in replacement of credit card identifiers for processing by the back end applications.
The same secure server installation can be applied for the encryption, storage (data-at-rest) and transmission of private data within a network of other private or sensitive data, not limited to social insurance numbers, driver's license numbers, phone numbers, bank account numbers, etc.
Description
- As credit card fraud and identity fraud become more prevalent, credit card issuers and personal information providers (government agencies, etc.) are requiring greater security by companies that process transactions using credit cards or other personal information. The software applications used by these companies must meet strict standards for credit card processing required by credit card issuers and personal information providers. The standards include providing secure processing and storage of credit card information, and other privacy identifiers such as driver's license, banking or other financial data, as for example may be achieved by suitable encryption of credit card identifiers, identification numbers or bank account numbers. However, it is very difficult for companies with existing credit card and other identifiable information (driver's license, social security numbers, banking information, etc.) to meet these requirements.
- A method and apparatus is provided for privacy identifier remediation using a secure server installation. The secure server installation abstracts privacy identifiers from its server, network, application and database environments, thus reducing investment in securing, segregating and/or isolating these environments in their entirety. The secure server installation intercepts transactions using privacy identifiers that are sent from front end applications to back end applications, and forwards tokens in replacement of privacy identifiers for processing by the back end applications. The secure server component also acts as a mediation gateway to connect to external agencies or processing systems. In an embodiment, the privacy identifiers comprise credit card numbers.
- These and other aspects of the apparatus and method are set out in the claims, which are incorporated here by reference.
- Embodiments will now be described with reference to the figures, in which like reference characters denote like elements, by way of example, and in which:
-
FIG. 1 is schematic showing the processing components of an embodiment of a secure server installation and its environment; -
FIG. 2 is flow diagram illustrating method steps of a privacy identifier remediation process; -
FIG. 3 is a flow diagram illustrating further method steps of a privacy identifier remediation process; -
FIG. 4 shows details of the process ofFIG. 2 applied to the specific example of credit cards; and -
FIG. 5 shows details of the process ofFIG. 3 applied to the specific example of credit cards. - In the claims, the word “comprising” is used in its inclusive sense and does not exclude other elements being present. The indefinite article “a” before a claim feature does not exclude more than one of the claim feature being present. Each one of the individual features described here may be used in one or more embodiments and is not, by virtue only of being described here, to be construed as essential to all embodiments as defined by the claims.
- In FIG. 1, secure server installation 10 is physically isolated in a secure location and logically connected via firewall 12 and router 14 to a variety of front end servers 16, back end systems 18, systems 20 and external processing systems. The front end servers 16 comprise any server or device that captures one or more privacy identifiers, such as credit card data, social insurance numbers, bank account numbers, driver's license numbers, contract numbers and phone numbers, from a person such as a customer or consumer. The back end systems 18 comprise, for example, application and database servers that process privacy transactions, that is, transactions that involve a privacy identifier. The systems 20 comprise privacy data validation servers, and may include for example end systems and users that need to connect to the secure server installation 10 for purposes of maintenance and operations, monitoring, and logging of privacy data for audits, financial reporting and investigations. The connection links between the elements shown in FIG. 1 represent logical connections formed upon request over any communications link, including optical fiber, wireless and wired connections, and may include intervening networks of any suitable kind such as portions of the internet. SSL or equivalent or better communications security should be used to secure communications, and for that purpose the secure server installation 10 may be connected via a firewall 12 to the router 14 by an SSL device 15 such as an SSL accelerator, for example an SSL accelerator from F5 Networks.
- The secure server installation 10 comprises, in the embodiment shown, a first server 22, referred to here for convenience as the Avalon server 22 (token management server), a second server 24, referred to here for convenience as the HSM server (hardware security module), and a third server 26, which acts as a database server. Other configurations of fewer or more servers could be used, and the entire functionality of the secure server installation in some embodiments could comprise a single server. The servers are connected through a switch 28 such as a Cisco L2 or L3 switch. Database server 26 in this embodiment connects to a storage system, for example a disk array 27, via a suitable switch 29, such as a Brocade FC switch. Other arrangements may be used for storage, such as flash memory, tape or optical disk.
- In operation, the system of FIG. 1 operates as follows according to the steps of FIGS. 2 and 3. The process steps may be applied to any privacy identifier, for example in a credit card transaction, as when a customer seeks to purchase services using a credit card. As shown in FIG. 2, beginning with step 30, a front end server 16 captures a privacy identifier (PI) (for example credit card data that may include a credit card identifier (CCI)) and, in step 32, forwards the privacy identifier to the secure server installation 10. At the secure server installation, the privacy identifier is encrypted in step 34. In addition, a token uniquely associated with the privacy identifier is generated by an irreversible function in step 36. The token, the encrypted privacy identifier and the keyed hash of the privacy identifier are stored in a manner that associates them with each other in step 38. The token is then forwarded to a back end server 18 in step 40 for further processing according to the nature of the transaction in step 42, where the token is processed as a proxy for the privacy identifier.
- As shown in FIG. 3, the transaction may in some embodiments proceed as follows for the purpose of validating the privacy transaction, for example a credit card validation in which credit card data, and in some embodiments other privacy data, is validated. In step 44, the back end servers 18 request privacy identifier validation by generating a validation request message and sending it to an information validation server 20 such as a credit card validation server. The validation request message contains the token and not the privacy identifier. At the secure server installation 10, the token is removed from the validation request message and replaced by the privacy identifier in step 46. In step 48, the validation request message is forwarded to an end system 20, such as an information validation server. Upon validation of the request, in step 50 a confirmation message is returned to the back end server 18 that requested validation. The privacy identifier (PI) is not included in the confirmation message to the back end server 18; if the confirmation contains a privacy identifier, it is removed by the secure server installation 10.
- As outlined below, in one exemplary embodiment applied to credit card identifiers (although similar operations may also be applied to other privacy identifiers), the Avalon server 22 is configured to generate unique and meaningless tokens, to request a search and match of tokens for association with the correct credit card identifiers and an authentication code for the credit card identifiers via database server 26, to extract credit card identifiers and insert tokens for internal back end system processing, and to extract tokens and insert credit card identifiers for external communications processing for payment validation.
- A token is substituted for a privacy identifier for all back end transactions. The token is unique to the privacy identifier and meaningless in relation to the privacy identifier. That is, the privacy identifier cannot be determined from the token. One manner of generating a meaningless token is to select a string of characters by an irreversible function, such as generating tokens in sequential order as credit card identifiers are processed by the Avalon server 22. The token may thus be obtained by looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence. A suitably long token should be adopted to cover variable length privacy identifiers. The characters may include any suitable characters, such as numerals and letters, but may include other characters.
- In one embodiment, all tokens have a one-to-one relationship with privacy identifiers such as credit card numbers and other privacy identifiers. Thus, in the case where the privacy identifier is a credit card number, no matter how many times a customer makes a credit purchase with the same credit card identifier, the transactions may always use the same token that was issued the first time the customer completed a transaction using the secure server installation 10. The same applies to other privacy identifiers. If an individual provides the same ID for any number of financial transactions, the token associated with that ID will always be the same one used during the processing of the transaction.
- By selecting a suitably long token, for example in one embodiment a numerical entity 21 digits long, there will never be more tokens issued to any particular individual than the total possible number of unique credit card identifiers and other privacy identifiers that the individual possesses and uses in the system. For example, as an extreme scenario, if an individual uses 40 different credit card identifiers and provides 40 pieces of different ID for various financial transactions, this individual would require a total of 80 unique tokens from the secure server installation 10. If we consider a total adult population of 500,000,000 (500 million) for this scenario, the total number of tokens that the secure server installation would need to issue is 40,000,000,000 (40 billion) tokens (80 × 500 million). Thus, a token of length 21 digits will not be exhausted in practice. However, longer tokens could be used.
- Tokens in one embodiment are issued in a sequential format for every request the system receives. Each request received, however, is completely random, with no discernible pattern or ability to anticipate the type of value associated with the token. Token requests may come in from a variety of front end servers 16 and the generated token may be delivered to any of a large number of back end servers 18. The token requests may be processed in batches amongst other individual requests coming into the back end servers 18. Token requests may be associated with different types of identifiers (credit card versus other privacy identifiers), different credit card suppliers, different privacy identifiers (such as driver's license, bank account, PIN, student card, government employee number, etc.) and may be issued at any time of the day. Accordingly, due to the randomness of the requests, their types and the data sent to the secure server installation 10 for tokenization, it is quite impossible to define or construct a usable pattern of token issuing.
- Requests for tokens are restricted to specific applications whose authorization and authentication are tracked each time those applications need to communicate with the secure server installation 10. Once communication and access have been granted to the system, the activity to request a token, encryption/decryption or hashing service may be monitored, tracked and written to a log file. Tracking software may also be applied to the back end servers 18 which need to connect to the secure server installation 10. Thus there are multiple areas where processes are in place to ensure the secure request and issuing of tokens. The same security measures apply to those teams which need to access the secure server installation 10, such as audit teams, reverse payment teams, system administrators and security officers. Thus only those systems and/or individuals with strict, secure, pre-defined credentials are able to request a credit card identifier for decryption by submitting a token. Each role of the audit teams, reverse payment teams, system administrators and security officers is granted a specific level of security without overlap with the other roles, further reducing risk.
- Tokens are stored in the clear within the back end systems 18. If the token is sufficiently long, for example longer than any credit card or other privacy identifier, the token has no meaning that can be deduced from its length. In addition, even if the token were truncated, the specific format of the digits' numbering scheme would not meet the validation process of a credit card identifier. By generating the token from an irreversible function such as a sequential number generator, the token is completely independent of the credit card or privacy identifier randomly submitted by a particular person or business for the secure server installation 10 to process. Further, there is no association between the token and the credit card identifier except for the token being the prime search key to find the encrypted credit card identifier, which enables the completion of the requested financial transaction by a particular back end system 18. Additionally, this process is a one-way stream in which the back end system 18 cannot and does not see the privacy identifier when a transaction is processed. The secure server installation 10 is the last step in the communication stream between the back end servers 18 and external privacy identifier processing servers.
- Referring to FIG. 4, further details of operation of a secure server installation are described in an exemplary embodiment applied to credit card transactions. The same process of token insertion and credit card identifier (CCI) encryption may be applied to other privacy identifiers, for example bank account identifiers.
- Step 60, Front End Server 16 → Avalon Server 22 (Token Request). A process of credit card remediation begins with generation of a token request by a front end server 16 during a credit card processing request. The front end server 16 may be a web tier application that requires use of a credit card payment to complete a transaction. The front end server 16 will need to communicate with a back end server 18 for the purpose of completing the transaction. The normal transaction process using a credit card is commenced, but the front end server 16 pauses the transaction process for the time required to send the credit card identifier to the secure server installation 10 for a token request/receipt. The communication stream between the front end server 16 and the secure server installation 10 is secured via SSL.
- Step 62, Avalon Server 22 → HSM Server 24 (Encryption Request). The Avalon server 22 at the secure server installation 10 receives the credit card identifier and sends it to the HSM server 24 for encryption and generation of the keyed hash of the credit card identifier, for example by a keyed hash process.
- Step 64, HSM (Encryption). The HSM server 24 encrypts the credit card identifier (using a strong encryption KEY #1, for example a 1024 bit key) and builds an authentication code corresponding to the credit card identifier for look up purposes. The cryptography key for decryption is kept at the HSM server 24. An example of an authentication code is a keyed hash based on the credit card identifier and a 256 bit KEY (KEY #2). The strength of encryption KEY #1 and KEY #2 should be sufficient to meet the security standards applicable to the transaction process. An example authentication code is a keyed-hash message authentication code, or HMAC, calculated using a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any suitably strong iterative cryptographic hash function, such as MD5, SHA-1 or better, may be used in the calculation of an HMAC for this purpose. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key, and on the size of the hash output length in bits.
- Step 66, HSM Server 24 → Avalon Server 22 (Return CCI). The HSM server 24 returns the encrypted credit card identifier and authentication code to the Avalon server 22.
- Step 68, Avalon Server 22 → Database Server 26 (Existing Token?). In an embodiment, before creating a token, the Avalon server 22 sends the authentication code and, in some embodiments, an entity type to the database server 26 to search for an existing token. An entity type may be an additional security code based on a feature of the transaction being paused, for example the credit card issuer (such as VISA™). Look up in the database server 26 is done via the authentication code and the entity type to lower or avoid the possibility of collisions (or token mismatch).
- Step 70, Database Server 26 → Avalon Server 22 (Existing token returned). If a match on authentication code and entity type is found, the database server 26 returns the matched token.
- Step 72, Database Server 26 → Avalon Server 22 (No existing token). If no match is found, the database server 26 returns a “null” response indicating to the Avalon server 22 that a new token must be created.
- Step 74, Avalon server 22 (Create token). If no existing token is returned from the database server 26, the Avalon server 22 generates a new token, for example a unique, sequential and meaningless number. The Avalon server 22 associates the token with the encrypted credit card identifier, the authentication code and entity type, and also any other suitable identification information, such as a table name or key label, used by the database.
- Step 76, Avalon server 22 → Database Server 26 (Store Token). In this step, the Avalon server 22 sends the token, encrypted credit card identifier, authentication code, entity type and other suitable identification information to the database server 26 for processing and storage. The database server 26 returns an acknowledge message when this process is complete.
- Step 78, Avalon server 22 → Back End Server 18 (Forward Token). Once an acknowledge response from the database server 26 has been received, the Avalon server 22 sends the token to the back end server 18, where the token is used by the back end server 18 to carry out the transaction requested by the front end server 16 that originally forwarded the credit card identifier now substituted by the token.
- Referring to FIG. 5, steps 80-96 detail the payment confirmation process.
- Step 80, Back End Server 18 → Secure Server Installation 10 (Verification Request). If credit card verification is required, the following steps may be taken. Once the back end server 18 has completed its processing, the back end server 18 sends its financial transaction data stream (which includes the unique token) to the secure server installation 10 for credit card identifier lookup and re-insertion. The communication stream between the two entities is secured via SSL.
- Step 82, Avalon server 22 (Token/CCI Exchange Request). The Avalon server 22 receives the data stream from the back end server 18 and pauses the transaction process for the time required to extract the unique token, look up the credit card identifier in the database 27 and re-insert the credit card identifier in the data stream.
- Step 84, Avalon server 22 → Database Server 26 (Find encrypted CCI). The Avalon server 22 sends the token to the database server 26 for encrypted credit card identifier look up.
- Step 86, Database Server 26 → Avalon server 22 (Return encrypted CCI). The database server 26 receives the unique token and searches for the matching token and its associated encrypted credit card identifier. The database server 26 sends the encrypted credit card identifier to the Avalon server 22.
- Step 88, Avalon server 22 → HSM Server 24 (Request CCI). The Avalon server 22 receives the encrypted credit card identifier with the cryptography key label and sends it to the HSM server 24 for decryption.
- Step 90, HSM Server 24 → Avalon server 22 (Decryption and CCI Insertion). The HSM server 24 receives the encrypted credit card identifier, decrypts it and sends the decrypted CCI to the Avalon server 22. The Avalon server 22 receives the decrypted credit card identifier and inserts it into the transaction stream in place of the token.
- Step 92, Avalon server 22 → Private Information Validation Company 20 (Payment Completion Request, for example). The transaction stream from the back end server 18, now carrying the decrypted or real credit card identifier, is sent to the Credit Card Validation Company 20 for payment process completion.
- Step 94, Private Information Validation Company 20 → Avalon server 22 (Payment Completion). The Private Information Validation Company 20 returns payment confirmation details to the Avalon server 22. If the Private Information Validation Company 20 returns the private information identifier as part of its confirmation data to the Avalon server 22, the private information identifier is stripped out prior to re-directing the completed transaction stream back to the back end server 18.
- Step 96, Server 18 → Front End Server 16 (Complete Transaction). The completed transaction with associated confirmation data is sent to the originating front end server 16. The transaction terminates where it originated. A user could be a user connected to server 16 (a web browser, for example).
- The Avalon server 22 is configured, for example using suitable software, to generate unique and meaningless sequential numbers for variable field length credit card identifiers and privacy identifier fields. The tokens should thus have a sufficient number of digits to cover identifiers of various lengths. While one type of encryption KEY may be used for the credit card identifier, other encryption keys may be used for other fields, such as privacy identifier fields, that require encryption. The Avalon server 22 may in some embodiments track, monitor, log and audit all activity relating to credit card processing done by the secure server installation 10. If separate servers
- The HSM server 24 should be permitted to communicate only with the Avalon server 22, enforced by suitable identification measures. In some embodiments, for strictest security, no device other than the Avalon server 22 should be able to issue requests to the HSM server 24. Some systems 20 may be permitted access to the Avalon server 22 for purposes of maintenance, operations, audits and investigations.
- The HSM server 24 provides encryption, decryption, authentication code and keyed hash generation, and key management for the secure server installation 10.
- Immaterial modifications may be made to the embodiments described here without departing from what is covered by the claims.
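The FIG. 4 and FIG. 5 walkthrough (steps 60 to 96) as a runnable model, added here and not part of the patent: the three roles are separate classes so that key custody and data flow are visible, the database is searched by keyed hash plus entity type and never holds a plaintext identifier, and the Avalon server strips any identifier echoed back in a confirmation. Assumptions: the HSM's block cipher is replaced by an HMAC-SHA256 counter-mode stream cipher with a separate MAC (standard library only), SHA-256 is the hash for the keyed hash, and the transaction stream and confirmation are dicts invented for the example.

```python
"""Toy model of the FIG. 4 / FIG. 5 token vault: Avalon server 22, HSM server 24 and
database server 26.  Added illustration, not the patent's code; the HSM's block cipher is
stood in for by HMAC-SHA256 in counter mode plus a separate MAC (standard library only)."""
import hashlib
import hmac
import secrets

TOKEN_DIGITS, NONCE_LEN, TAG_LEN = 21, 16, 32   # token is longer than any card number (<= 19 digits)


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class HsmServer:
    """HSM server 24: holds KEY #1 (encryption) and KEY #2 (authentication code)."""

    def __init__(self):
        self._key1 = secrets.token_bytes(32)     # KEY #1, encryption (stand-in for an AES key)
        self._key2 = secrets.token_bytes(32)     # KEY #2, 256-bit key for the keyed hash
        self._mac_key = secrets.token_bytes(32)  # integrity tag over the stored ciphertext

    def auth_code(self, cci, entity_type):
        """Step 64: keyed hash of issuer + CCI; the database is searched by this value."""
        return _prf(self._key2, f"{entity_type}|{cci}".encode()).hex()

    def _keystream(self, nonce, n):
        # Counter mode over the PRF: one 32-byte block per counter value, truncated to n.
        blocks = (_prf(self._key1, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]

    def encrypt(self, cci):
        """Step 64: returns nonce || ciphertext || tag (encrypt-then-MAC)."""
        nonce = secrets.token_bytes(NONCE_LEN)
        ct = bytes(a ^ b for a, b in zip(cci.encode(), self._keystream(nonce, len(cci))))
        return nonce + ct + _prf(self._mac_key, nonce + ct)

    def decrypt(self, blob):
        """Step 90: verify the tag, then recover the CCI; only the Avalon server may call this."""
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(_prf(self._mac_key, nonce + ct), tag):
            raise ValueError("stored ciphertext failed its integrity check")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct)))).decode()


class DatabaseServer:
    """Database server 26: holds auth codes, tokens and ciphertext, never a plaintext CCI."""

    def __init__(self):
        self._by_auth = {}    # (auth_code, entity_type) -> token
        self._by_token = {}   # token -> encrypted CCI

    def find_token(self, auth_code, entity_type):
        # Steps 68-72: match on auth code *and* entity type; None is the "null" reply.
        return self._by_auth.get((auth_code, entity_type))

    def store(self, token, enc_cci, auth_code, entity_type):   # step 76
        self._by_auth[(auth_code, entity_type)] = token
        self._by_token[token] = enc_cci

    def find_encrypted(self, token):   # steps 84-86; an unknown token raises KeyError
        return self._by_token[token]


class AvalonServer:
    """Avalon server 22: mints sequential tokens and swaps token <-> CCI in the stream."""

    def __init__(self, hsm, db):
        self._hsm, self._db, self._next = hsm, db, 1

    def tokenize(self, cci, entity_type):
        """Steps 60-78: reuse the token for this CCI/issuer, else take the next unused one."""
        auth = self._hsm.auth_code(cci, entity_type)
        token = self._db.find_token(auth, entity_type)
        if token is None:
            token = f"{self._next:0{TOKEN_DIGITS}d}"   # step 74: next entry of the sequence
            self._next += 1
            self._db.store(token, self._hsm.encrypt(cci), auth, entity_type)
        return token

    def detokenize(self, token):   # steps 84-90
        return self._hsm.decrypt(self._db.find_encrypted(token))

    def forward_for_validation(self, stream, validator):
        """Steps 80-94: the CCI replaces the token outbound; any CCI echoed back is stripped."""
        outbound = dict(stream)
        outbound["cci"] = self.detokenize(outbound.pop("token"))
        return {k: v for k, v in validator(outbound).items() if k != "cci"}


def demo():
    """Constructed run: a standard Visa test number, two purchases, one external validation."""
    avalon = AvalonServer(HsmServer(), DatabaseServer())
    first = avalon.tokenize("4111111111111111", "VISA")
    second = avalon.tokenize("4111111111111111", "VISA")     # same CCI -> same token
    assert first == second and len(first) == TOKEN_DIGITS and first.isdigit()
    # Validation company 20 echoes the CCI in its confirmation; step 94 strips it.
    echo = lambda m: {"status": "approved", "amount": m["amount"], "cci": m["cci"]}
    return avalon.forward_for_validation({"token": first, "amount": "12.00"}, echo)
```

Note that a different entity type for the same card number yields a different token, which is the collision control of step 68, and that the back end only ever handles the 21-digit value.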
Claims (32)
1. A method of privacy identifier remediation, comprising the steps of:
capturing a privacy identifier at a front end server;
forwarding the privacy identifier to a secure server installation;
at the secure server installation, obtaining a token to replace the privacy identifier, the token being unique and meaningless in relation to the privacy identifier;
forwarding the token from the secure server installation to a back end server; and
processing the token as a proxy for the privacy identifier at the back end server.
2. The method of claim 1 in which obtaining the token comprises:
checking for a pre-existing token corresponding to the privacy identifier;
if there is a pre-existing token corresponding to the privacy identifier, then forwarding the pre-existing token in replacement of the privacy identifier; and
if there is no pre-existing token corresponding to the privacy identifier, then generating a token and forwarding the generated token in replacement of the privacy identifier.
3. The method of claim 2 in which:
generating a token is carried out in a token management server; and
pre-existing tokens are stored in a storage medium managed by a database server.
4. The method of claim 2 in which generating the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
5. The method of claim 1 further comprising:
requesting private information identifier validation by generating a validation request message for sending to a private information validation server, the validation request message containing the token;
at the secure server installation, replacing the token in the validation request message by the private information identifier; and
forwarding the validation request message to the private information validation server.
6. The method of claim 1 further comprising the step of:
encrypting the privacy identifier at the secure server installation to generate an encrypted privacy identifier with a keyed hash of the privacy identifier; and
associating the token with the encrypted privacy identifier.
7. The method of claim 6 in which:
encrypting the privacy identifier is carried out at a secure encryption server; and
associating the token with the encrypted privacy identifier is carried out at a token management server.
8. The method of claim 7 in which obtaining the token comprises:
checking for a pre-existing token corresponding to the privacy identifier by searching for the keyed hash of the privacy identifier;
if there is a pre-existing token corresponding to the privacy identifier, then forwarding the pre-existing token in replacement of the privacy identifier; and
if there is no pre-existing token corresponding to the privacy identifier, then generating a token and forwarding the generated token in replacement of the privacy identifier.
9. The method of claim 8 in which:
generating a token is carried out in the token management server; and
pre-existing tokens are stored in a storage medium managed by a database server.
10. The method of claim 9 in which generating the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
11. The method of claim 10 further comprising:
requesting privacy identifier validation by generating a validation request message for sending to a private information validation server, the validation request message containing the token;
at the secure server installation, replacing the token in the validation request message by the privacy identifier; and
forwarding the validation request message to the private information validation server.
12. The process of claim 1 in which the privacy identifier comprises a credit card number.
13. Apparatus configured to carry out the steps of method claim 1.
14. A method of privacy identifier remediation, comprising the steps of:
capturing a privacy identifier at a front end server;
forwarding the privacy identifier to a secure server installation;
at the secure server installation, encrypting the privacy identifier to generate an encrypted privacy identifier with the keyed hash of the privacy identifier, generating a token uniquely associated with the privacy identifier, the token being meaningless in relation to the privacy identifier and storing the token and encrypted privacy identifier;
forwarding the token to a back end server; and
processing the token as a proxy for the privacy identifier at the back end server.
15. The method of claim 14 further comprising the steps of:
requesting privacy identifier validation by generating a validation request message for sending to a private information validation server, the validation request message containing the token;
at the secure server installation, replacing the token in the validation request message by the privacy identifier; and
forwarding the validation request message to the private information validation server.
16. The method of claim 15 further comprising confirming transaction completion after validation of the privacy identifier at the privacy validation server.
17. The method of claim 16 in which the privacy identifier comprises a credit card number.
18. A method of credit card identifier remediation, comprising the steps of:
receiving a credit card processing request, the request containing a credit card identifier;
obtaining a token to replace the credit card identifier, the token being unique and meaningless in relation to the credit card identifier; and
forwarding the token for processing as a proxy for the credit card identifier.
19. The method of claim 18 in which obtaining the token comprises:
checking for a pre-existing token corresponding to the credit card identifier;
if there is a pre-existing token corresponding to the credit card identifier, then forwarding the pre-existing token in replacement of the credit card identifier; and
if there is no pre-existing token corresponding to the credit card identifier, then generating a token and forwarding the generated token in replacement of the credit card identifier.
20. The method of claim 19 in which checking for a pre-existing token is carried out by searching for a keyed hash of the credit card identifier associated with the token.
21. The method of claim 19 in which:
generating a token is carried out in a token management server; and
pre-existing tokens are stored in a storage medium managed by a database server.
22. The method of claim 18 in which obtaining the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
23. The method of claim 18 further comprising the step of:
encrypting the credit card identifier to generate an encrypted credit card identifier; and
associating the token with the encrypted credit card identifier.
24. The method of claim 23 in which:
encrypting the credit card and the keyed hash of the credit card identifier is carried out at a secure encryption server; and
associating the token with the encrypted credit card identifier is carried out at a token management server.
25. The method of claim 24 in which obtaining the token comprises:
checking for a pre-existing token corresponding to the credit card identifier;
if there is a pre-existing token corresponding to the credit card identifier, then forwarding the pre-existing token in replacement of the credit card identifier; and
if there is no pre-existing token corresponding to the credit card identifier, then generating a token and forwarding the generated token in replacement of the credit card identifier.
26. The method of claim 25 in which checking for a pre-existing token is carried out by searching for a keyed hash of the credit card identifier associated with the token.
27. The method of claim 26 in which:
generating a token is carried out in the token management server; and
pre-existing tokens are stored in a storage medium managed by a database server.
28. The method of claim 27 in which generating the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
29. Apparatus configured to carry out the steps of method claim 18.
30. A secure server installation, comprising:
one or more servers connected via a firewall to a network router; and
the one or more servers being configured to:
receive a privacy processing request, the request containing a privacy identifier;
encrypt the privacy identifier for safe storage of the encrypted privacy identifier, the encrypted privacy identifier being encrypted with a key for decryption;
obtain a token to replace the privacy identifier, the token being unique and meaningless in relation to the privacy identifier; and
forward the token for processing as a proxy for the privacy identifier.
31. The secure server installation of claim 30 in which the one or more servers comprise:
a secure encryption server for carrying out encryption and decryption functions; and
a token management server for coordinating selection of a token.
32. The secure server installation of claim 31 in which the one or more servers comprise a database server for managing storage of tokens and encrypted privacy identifiers.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/739,031 US20080263645A1 (en) | 2007-04-23 | 2007-04-23 | Privacy identifier remediation |
PCT/CA2008/000746 WO2008128349A1 (en) | 2007-04-23 | 2008-04-23 | Privacy identifier remediation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/739,031 US20080263645A1 (en) | 2007-04-23 | 2007-04-23 | Privacy identifier remediation |
Publications (1)
Publication Number | Publication Date |
---|---|
US20080263645A1 true US20080263645A1 (en) | 2008-10-23 |
Family ID: 39873562
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/739,031 Abandoned US20080263645A1 (en) | 2007-04-23 | 2007-04-23 | Privacy identifier remediation |
Country Status (1)
Country | Link |
---|---|
US (1) | US20080263645A1 (en) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090012839A1 (en) * | 2007-07-03 | 2009-01-08 | American Express Travel Related Services Company, Inc. | Determining Brand Affiliations |
US20090193508A1 (en) * | 2008-01-29 | 2009-07-30 | International Business Machines Corporation | Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith |
US20090281871A1 (en) * | 2008-05-12 | 2009-11-12 | Terrence Patrick Tietzen | Method, system, and computer program for providing a loyalty engine for automated cause management |
US20100070754A1 (en) * | 2008-06-10 | 2010-03-18 | Paymetric, Inc. | Payment encryption accelerator |
US20110154467A1 (en) * | 2009-12-18 | 2011-06-23 | Sabre Inc. | Tokenized data security |
WO2011133494A2 (en) * | 2010-04-19 | 2011-10-27 | Tokenex, L.L.C. | Devices, systems, and methods for tokenizing sensitive information |
US20120137347A1 (en) * | 2009-02-13 | 2012-05-31 | Fengpei Zhang | Method of and System for Implementing Privacy Control |
US8489894B2 (en) | 2010-05-26 | 2013-07-16 | Paymetric, Inc. | Reference token service |
US8799674B1 (en) * | 2009-12-04 | 2014-08-05 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
CN104065623A (en) * | 2013-03-21 | 2014-09-24 | 华为终端有限公司 | Information processing method, trust server and cloud server |
WO2016037330A1 (en) * | 2014-09-10 | 2016-03-17 | 华为技术有限公司 | Information processing method and device |
US20160119296A1 (en) * | 2014-10-22 | 2016-04-28 | Prasanna Laxminarayanan | Token Enrollment System and Method |
US9785941B2 (en) * | 2012-02-10 | 2017-10-10 | Protegrity Corporation | Tokenization in mobile environments |
EP3480724A1 (en) * | 2017-11-07 | 2019-05-08 | Comforte AG | Computer implemented method for replacing a data string with a placeholder |
US10733604B2 (en) * | 2007-09-13 | 2020-08-04 | Visa U.S.A. Inc. | Account permanence |
US10984125B2 (en) * | 2016-01-25 | 2021-04-20 | Micro Focus Llc | Protecting data of a particular type |
US20220027907A1 (en) * | 2020-07-21 | 2022-01-27 | Bank Of America Corporation | Secure process to avoid storing payment credentials |
US11599657B2 (en) * | 2011-08-02 | 2023-03-07 | Api Market, Inc. | Rights-based system |
US20230247084A1 (en) * | 2022-01-31 | 2023-08-03 | Discover Financial Services | Trace context over file transfer communications |
Citations (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4386266A (en) * | 1980-02-11 | 1983-05-31 | International Business Machines Corporation | Method for operating a transaction execution system having improved verification of personal identification |
US5241594A (en) * | 1992-06-02 | 1993-08-31 | Hughes Aircraft Company | One-time logon means and methods for distributed computing systems |
US5629981A (en) * | 1994-07-29 | 1997-05-13 | Texas Instruments Incorporated | Information management and security system |
US5664016A (en) * | 1995-06-27 | 1997-09-02 | Northern Telecom Limited | Method of building fast MACS from hash functions |
US5956400A (en) * | 1996-07-19 | 1999-09-21 | Digicash Incorporated | Partitioned information storage systems with controlled retrieval |
US6170744B1 (en) * | 1998-09-24 | 2001-01-09 | Payformance Corporation | Self-authenticating negotiable documents |
US6266413B1 (en) * | 1998-06-24 | 2001-07-24 | Benyamin Ron | System and method for synchronizing one time pad encryption keys for secure communication and access control |
US6314425B1 (en) * | 1999-04-07 | 2001-11-06 | Critical Path, Inc. | Apparatus and methods for use of access tokens in an internet document management system |
US20010044787A1 (en) * | 2000-01-13 | 2001-11-22 | Gil Shwartz | Secure private agent for electronic transactions |
US6360322B1 (en) * | 1998-09-28 | 2002-03-19 | Symantec Corporation | Automatic recovery of forgotten passwords |
US20020161591A1 (en) * | 1999-11-23 | 2002-10-31 | Gunner D. Danneels | Method of securely passing a value token between web sites |
US20030014528A1 (en) * | 2001-07-12 | 2003-01-16 | Crutcher Paul D. | Light-weight protocol-independent proxy for accessing distributed data |
US20030021417A1 (en) * | 2000-10-20 | 2003-01-30 | Ognjen Vasic | Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data |
US6678821B1 (en) * | 2000-03-23 | 2004-01-13 | E-Witness Inc. | Method and system for restricting access to the private key of a user in a public key infrastructure |
US6738907B1 (en) * | 1998-01-20 | 2004-05-18 | Novell, Inc. | Maintaining a soft-token private key store in a distributed environment |
US6874059B1 (en) * | 2001-11-14 | 2005-03-29 | Unisys Corporation | System and method for using anonymous tokens for efficient memory management |
US6889321B1 (en) * | 1999-12-30 | 2005-05-03 | At&T Corp. | Protected IP telephony calls using encryption |
US6918038B1 (en) * | 1996-08-13 | 2005-07-12 | Angel Secure Networks, Inc. | System and method for installing an auditable secure network |
US6938022B1 (en) * | 1999-06-12 | 2005-08-30 | Tara C. Singhal | Method and apparatus for facilitating an anonymous information system and anonymous service transactions |
US6957199B1 (en) * | 2000-08-30 | 2005-10-18 | Douglas Fisher | Method, system and service for conducting authenticated business transactions |
US6978367B1 (en) * | 1999-10-21 | 2005-12-20 | International Business Machines Corporation | Selective data encryption using style sheet processing for decryption by a client proxy |
US6993657B1 (en) * | 2000-09-08 | 2006-01-31 | Oracle International Corporation | Techniques for managing database systems with a community server |
US7010686B2 (en) * | 2000-03-30 | 2006-03-07 | Mannesmann Vdo Ag | Method for enabling a file |
US7024395B1 (en) * | 2000-06-16 | 2006-04-04 | Storage Technology Corporation | Method and system for secure credit card transactions |
US20060080263A1 (en) * | 2004-10-13 | 2006-04-13 | Willis John A | Identity theft protection and notification system |
US7100195B1 (en) * | 1999-07-30 | 2006-08-29 | Accenture Llp | Managing user information on an e-commerce system |
US7103915B2 (en) * | 2000-11-13 | 2006-09-05 | Digital Doors, Inc. | Data security system and method |
US7106843B1 (en) * | 1994-04-19 | 2006-09-12 | T-Netix, Inc. | Computer-based method and apparatus for controlling, monitoring, recording and reporting telephone access |
US7111005B1 (en) * | 2000-10-06 | 2006-09-19 | Oracle International Corporation | Method and apparatus for automatic database encryption |
US7111047B2 (en) * | 2003-08-08 | 2006-09-19 | Teamon Systems, Inc. | Communications system providing message aggregation features and related methods |
US7114082B2 (en) * | 1999-03-26 | 2006-09-26 | Micron Technology Inc. | Data security for digital data storage |
US7117311B1 (en) * | 2001-12-19 | 2006-10-03 | Intel Corporation | Hot plug cache coherent interface method and apparatus |
US20070162766A1 (en) * | 2006-01-09 | 2007-07-12 | Fuji Xerox Co, Ltd. | Data management system, data management method and storage medium storing program for data management |
US7536360B2 (en) * | 1999-07-26 | 2009-05-19 | Iprivacy, Llc | Electronic purchase of goods over a communications network including physical delivery while securing private and personal information of the purchasing party |
US7873577B1 (en) * | 2006-01-27 | 2011-01-18 | Aspect Loss Prevention, LLC | Sensitive data aliasing for transaction-card and other applications |
- 2007: 2007-04-23 US US11/739,031 patent/US20080263645A1/en not_active Abandoned
Cited By (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090012839A1 (en) * | 2007-07-03 | 2009-01-08 | American Express Travel Related Services Company, Inc. | Determining Brand Affiliations |
US10733604B2 (en) * | 2007-09-13 | 2020-08-04 | Visa U.S.A. Inc. | Account permanence |
US8220032B2 (en) * | 2008-01-29 | 2012-07-10 | International Business Machines Corporation | Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith |
US20090193508A1 (en) * | 2008-01-29 | 2009-07-30 | International Business Machines Corporation | Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith |
US20090281871A1 (en) * | 2008-05-12 | 2009-11-12 | Terrence Patrick Tietzen | Method, system, and computer program for providing a loyalty engine for automated cause management |
US10861062B2 (en) | 2008-05-12 | 2020-12-08 | Edatanetworks Inc. | Automated cause management |
US20100070754A1 (en) * | 2008-06-10 | 2010-03-18 | Paymetric, Inc. | Payment encryption accelerator |
US8751788B2 (en) * | 2008-06-10 | 2014-06-10 | Paymetric, Inc. | Payment encryption accelerator |
US20120137347A1 (en) * | 2009-02-13 | 2012-05-31 | Fengpei Zhang | Method of and System for Implementing Privacy Control |
US9799033B2 (en) * | 2009-12-04 | 2017-10-24 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
US9009493B2 (en) * | 2009-12-04 | 2015-04-14 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
US20140337238A1 (en) * | 2009-12-04 | 2014-11-13 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
US9530127B2 (en) * | 2009-12-04 | 2016-12-27 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
US20150213445A1 (en) * | 2009-12-04 | 2015-07-30 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
US8799674B1 (en) * | 2009-12-04 | 2014-08-05 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
US9202215B2 (en) * | 2009-12-04 | 2015-12-01 | Akamai Technologies, Inc. | Method and system for handling sensitive data in a content delivery network |
US8739262B2 (en) | 2009-12-18 | 2014-05-27 | Sabre Glbl Inc. | Tokenized data security |
US8595812B2 (en) * | 2009-12-18 | 2013-11-26 | Sabre Inc. | Tokenized data security |
US20110154466A1 (en) * | 2009-12-18 | 2011-06-23 | Sabre Inc., | Tokenized data security |
US10262128B2 (en) | 2009-12-18 | 2019-04-16 | Sabre Glbl Inc. | Tokenized data security |
US20110154467A1 (en) * | 2009-12-18 | 2011-06-23 | Sabre Inc. | Tokenized data security |
WO2011133494A3 (en) * | 2010-04-19 | 2012-04-12 | Tokenex, L.L.C. | Devices, systems, and methods for tokenizing sensitive information |
WO2011133494A2 (en) * | 2010-04-19 | 2011-10-27 | Tokenex, L.L.C. | Devices, systems, and methods for tokenizing sensitive information |
US9558494B2 (en) | 2010-04-19 | 2017-01-31 | Tokenex, L.L.C. | Devices, systems, and methods for tokenizing sensitive information |
US8489894B2 (en) | 2010-05-26 | 2013-07-16 | Paymetric, Inc. | Reference token service |
US11599657B2 (en) * | 2011-08-02 | 2023-03-07 | Api Market, Inc. | Rights-based system |
US9785941B2 (en) * | 2012-02-10 | 2017-10-10 | Protegrity Corporation | Tokenization in mobile environments |
US9904923B2 (en) | 2012-02-10 | 2018-02-27 | Protegrity Corporation | Tokenization in mobile environments |
CN104065623A (en) * | 2013-03-21 | 2014-09-24 | 华为终端有限公司 | Information processing method, trust server and cloud server |
US10063655B2 (en) | 2013-03-21 | 2018-08-28 | Huawei Device (Dongguan) Co., Ltd. | Information processing method, trusted server, and cloud server |
WO2014146609A1 (en) * | 2013-03-21 | 2014-09-25 | 华为终端有限公司 | Information processing method, trust server and cloud server |
CN105684343A (en) * | 2014-09-10 | 2016-06-15 | 华为技术有限公司 | Information processing method and device |
WO2016037330A1 (en) * | 2014-09-10 | 2016-03-17 | 华为技术有限公司 | Information processing method and device |
US10412060B2 (en) * | 2014-10-22 | 2019-09-10 | Visa International Service Association | Token enrollment system and method |
US10015147B2 (en) * | 2014-10-22 | 2018-07-03 | Visa International Service Association | Token enrollment system and method |
US20160119296A1 (en) * | 2014-10-22 | 2016-04-28 | Prasanna Laxminarayanan | Token Enrollment System and Method |
US10984125B2 (en) * | 2016-01-25 | 2021-04-20 | Micro Focus Llc | Protecting data of a particular type |
EP3480724A1 (en) * | 2017-11-07 | 2019-05-08 | Comforte AG | Computer implemented method for replacing a data string with a placeholder |
US10929151B2 (en) | 2017-11-07 | 2021-02-23 | Comforte Ag | Computer-implemented method for replacing a data string by a placeholder |
US20220027907A1 (en) * | 2020-07-21 | 2022-01-27 | Bank Of America Corporation | Secure process to avoid storing payment credentials |
US20230247084A1 (en) * | 2022-01-31 | 2023-08-03 | Discover Financial Services | Trace context over file transfer communications |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20080263645A1 (en) | | Privacy identifier remediation |
CN108009917B (en) | | Transaction verification and registration method and system for digital currency |
CN102932136B (en) | | Systems and methods for managing cryptographic keys |
US20200134586A1 (en) | | Anonymity and traceability of digital property transactions on a distributed transaction consensus network |
CN103563325B (en) | | Systems and methods for securing data |
CN109687959B (en) | | Key security management system, key security management method, key security management medium, and computer program |
CN105656920B (en) | | A kind of encryption and decryption method and system for posting number of packages evidence based on express delivery |
CN111444273B (en) | | Data authorization method and device based on block chain |
CN104079573A (en) | | Systems and methods for securing data in the cloud |
US20070101410A1 (en) | | Method and system using one-time pad data to evidence the possession of a particular attribute |
JP2007282295A (en) | | Cryptographic system and method with key escrow feature |
CN103384196A (en) | | Secure data parser method and system |
CN103178965A (en) | | Systems and methods for securing data using multi-factor or keyed dispersal |
CN104917780A (en) | | Systems and methods for securing data in motion |
JP2005522775A (en) | | Information storage system |
US11711349B2 (en) | | Methods and systems for secure cross-platform token exchange |
CN112183765B (en) | | Multi-source multi-modal data preprocessing method and system for shared learning |
CN111639952A (en) | | Returned goods checking method, returned goods checking system, returned goods checking server and returned goods checking terminal based on block chain |
CN111882410A (en) | | Tax information query method and system based on block chain |
GB2430850A (en) | | Using One-Time Pad (OTP) data to evidence the possession of a particular attribute |
US20230259899A1 (en) | | Method, participant unit, transaction register and payment system for managing transaction data sets |
CN109889343B (en) | | Electronic invoice circulation control method, device and system |
CN115409511B (en) | | Personal information protection system based on block chain |
CN112001714A (en) | | Digital currency implementation method based on block chain technology |
CN103916237A (en) | | Method and system for managing user encrypted-key retrieval |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: TELUS COMMUNICATIONS COMPANY, CANADA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RENTER, CHRISTOPHER K.;NILES, DENIS A.;REEL/FRAME:019196/0314. Effective date: 20070423 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |